About this blog:

This site began life in 2009 as a spinoff from PogoWasRight.org after the number of breaches in 2008 made me realize I needed a separate site just for breaches.

If you want to sponsor the site, email me at breaches[at]databreaches.net, and I’ll consider  your offer. In August, 2016, this site started using Google AdSense in the hopes of getting some revenue to offset the costs of web hosting, CloudFlare for DDoS protection, and to occasionally pay those wonderful friends who help me maintain the site and fix problems that are beyond my skill set. I would prefer not to accept advertising, but we’ll try this as an experiment and see what happens.


This site receives no commercial sponsorship. That said, the author has consulting contracts with a few clients who are in fields related to topics covered on this site such as health insurance, EHR software development, and infosecurity. Those clients understand that their consulting contract with the author does not entitle them to any special treatment or consideration on this site.

About me:

I’m not a security professional.  I’m a licensed health care professional who is passionate about protecting privacy. I hope that exposing the scope and seriousness of breaches – large and small – will help inform policymaking and decisions about allocating resources to data security.

“You’ve Got it All Wrong! You’re So Unfair! You’re a Hacker!”

This site is a combination of news aggregation, investigative reporting, and commentary. You may disagree with my reporting or be offended by my opinions. If you think I’ve erred in my reporting, email and let me know what you think I got wrong. If you don’t like my commentary on a situation or your handling of an incident, you’re free to send a statement for me to consider posting. If you want to send me legal threats about my reporting or comments, knock yourself out, but don’t be surprised to see me report on your threat, any confidentiality sig blocks you may attach notwithstanding.

To contact me about this blog, email breaches[at]databreaches.net.

This page was last updated 05-25-2017 to add:

Okay, some people still don’t seem to get that threatening me or my site is not a winning strategy. I don’t cave in to bullies. Is that clearer? Or how about I put it this way:

There is NOTHING you can threaten me with that will scare me even 1/10th as much as the day both my kids got their driver’s licenses within 15 minutes of each other.

NOW do you get it?